DevKey module for HopJS
This is a small devkey module for HopJS, it provides a basic framework for implementing devkeys.
We define a devkey as simply, a key which describes which is associated with a set of permissions.
//This key simply says - allow all callskey1:"*"//This key says - allow any call which has an input parameter of public=truekey2:"public:true"//This key says - allow any call which has an input of public=true and enabled=falsekey3:"public:true && enabled:false"//This key only works when the environmental variable NODE_ENV isn't set to productionkey4:"!$env.NODE_ENV:'production'"//This key defines specific permissions for specific functionskey5:"User.create":"email:/.+\.foo.com/""User.delete":"$session.user.email:/+.foo.com/""MailBox.*":"to:/.+foo.com/"//Don't allow this key to use IEkey6:"!$headers.agent:/MSIE/"
DevKeys can be used from a number of different providers:
- Http - we can fetch a key on demand
- Redis - we can fetch a key from redis
- Crypto - we can encode permissions using symmetric encryption
- Signed - we can use permissions signed with private/public keys
- RedisCache - we can cache keys in redis
- MemoryCache - we can cache keys in memory
var HopDevKey = require'hopjs-devkey';//...//Tell hop to use the devkey moduleHopuseHopDevKey;/* Let's setup for how we want to manage dev keys1. Hit the memory cache for keys2. Hit the symmetric key provider3. Hit the redis cache key provider4. Hit the signed key provider5. Hit the http key provider*///Fifth we'll use an HTTP key providervar dkp = "";//Fourth we'll use an public/private key providervar skp = "key.pub"dkp;//Third we'll look in our redis cache for the keyvar rkp = skprediscreateClient3000;//Second we'll use a symmetic crypto key providervar ckp = "foofoo"rkp;//First we'll hit our memory cache of keysvar mkp = ckp100;//...HopdefineClass"User"Userapicreate"User.create""/user/"demand"email""username"requireDevKeymkp;apidelete"User.delete""/user/:id"requireDevKeymkp;;
You will need to decide how you manage and generate them, here are some example scenarios:
- You simply use signed keys, you sign a set of permissions and distribute them
- You create a simple restful dev key service, and then have it generate keys, see the service example
- You create a simple devkey service which allows objects to be associated with devkeys